Solved: can you help me with regex

tulusoy · ‎03-01-2019

Hi,
I have a search with regex

ERROR   * | rex ".*?(?(?:\w+\.)+\w*?Exception).*"    | stats sparkline  count by exception |sort count desc

should I change limits.conf or change regex ?
Can you help me.

Thank you

chrisyounger · ‎03-01-2019

Try this:

ERROR * | rex "(?<exception>\S+Exception)" | stats sparkline count by exception |sort count desc

View solution in original post

chrisyounger · ‎03-01-2019

Try this:

ERROR * | rex "(?<exception>\S+Exception)" | stats sparkline count by exception |sort count desc

tulusoy · ‎03-08-2019

thank you vey much. It runs

somesoni2 · ‎03-01-2019

What's the problem here?

damann · ‎03-01-2019

Could you provide a sample positive event ? Btw. your regex is broken...

niketn · ‎03-01-2019

@tulusoy while posting code use the code button ( 101010 ) on Splunk Answers so that special characters do not escape.

You can also use shortcut Ctrl+K after selecting the code.

Or else add four spaces before each line of code and ensure to hit enter twice before writing first line of code so that there is a line gap between text and code. (Usually preview mode on Splunk Answer shows you how your final post will appear after submit.)

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

can you help me with regex

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Are you a member of the Splunk Community?

can you help me with regex

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)